Cyber crooks are very well aware that information is a very lucrative commodity and that every type of information has potential buyers.
Take email addresses, for example. While having a batch of random ones at my disposal means absolutely nothing to me, professional scammers, spammers and marketers need them and are ready to pay good money for them, especially when they are well categorized.
Webroot has recently unearthed an offer for sale of millions of email addresses harvested by a cybercrime underground service, which has cleverly segmented the database based on country or generic top-level domains:
“Next to mass marketing campaigns, the segmented databases could be used for launching targeted attacks against a particular country, which in combination with localization — translating the spam message into the native language of the prospective recipient — and event-based social engineering attacks, could increase the probability of successful interaction with the malicious emails,” points out Danchev.
He also advises US government and military users to be especially careful when considering the legitimacy of received emails, as among the email addresses offered for sale are over 2 million on .gov and .mil domains.